TDSS loader now got “legs”

Ohio

I just wanted to welcome you all to Ohio.You guy's are Brilliant!Thanks for being here!

Re: Re: how can I remove this

hello segey, i got problem that. i will try....thanks

Bootkit Virus

I recently removed this virus with the help of your tools on this website, however after removing it my computer constantly blue screens, safe mode, debug mode, last good config, everything.

I'm assuming this is because it altered/deleted my MBR. Do you guys use any particular programs you use to protect the master boot record from writing. I have googled but it but had little success.

Re: .lnk

"plain .lnk" one)

hi, im hoping you can help me

Is it possible to have multiple rootkits or worse yet is there a rootkit os that your aware of?

The rootkit on my home computer closely resembles the rootkit your explaining; however, I suspect my computer may be on a vm (java, i think), Im not a programmer, however, Ive gathered as much info as possible. It does self propogate and spreads as you describe supra. It takes control over the acpi, uses colors to manipulate the gui, flips the gui and then injects xml asian characters that are hidden in white space. It also uses a border and shadow background image to shadow but Im not sure. It stores files in movies, speech, fonts, printer, bypasses all security certificates, sets up a public server on my desktop, injects more xml via rss feed into browser. It is manipulating my monitor as well. The Worst Part - It viciously attacks the cpu and with variety of photoshop filters, and has set my L2Cache to a negative five offset. It has its own freedos with its own api so I cant even use my seagate cd to view the hard drive. Is there a rootkit to date that acts like an entire os? I see that it completely replaces the registry with a streaming virus that sings lalala fun something, the symbols it uses when I change the font to webding is really evil as well and manipulates the video settings. Is this a rootkit os with a windows 7 shell? Can you help me, and if so, can you please point me in the right direction. Im frustrated beyond tears.

Edited by pls.help, 2011 Jun 20, 08:38

.lnk

Hello
Is the .lnk related at anyway with the autorun functionality (something like the .lnk exploit which led to autoexec) or is it just a plain .lnk that aims to target the user by accidentally clicking it?

Re: how can I remove this

Hello Joe.
You can download and run this tool for disinfection
http://support.kaspersky.com/viruses/avptool2010?level=2

how can I remove this

I have this virus.....where can I go to get the best fix to remove it...any suggestions?

Re: ask bin

> can i have a bin from you
NO)

Re: additional spreading vector

Yes) +1

additional spreading vector

In seeing it in action it will scan for writable network shares and copy the five files(setup.lnk, myporno.avi.lnk, pornmovs.lnk, autorun.inf and setup.fon) to shares that it has write access to.

ask bin

hello, i have interest in the vlan spreading skill, can i have a bin from you ,thanks very much!